Information act

Updated on 2023



      For the purposes of this Regulation:

Data ControllerIt is the natural or legal person, public authority, service or any other body that, individually or together with others, determines the purposes and means of processing, i.e., decides “why” and “how” data are to be processed, without receiving instructions from others.
Privacy ReferentIt is the natural person identified by the Data Controller as an internal contact in charge of monitoring that the treatment is carried out in the terms and in the ways established In the Regulation (EU) 2016/679 GDPR. It is the person to whom the interested party can contact, to exercise their rights.
Data ProcessorIt is the natural or legal person, public authority, service or any other body that processes personal data on behalf of the Data Controller, therefore which processes the data on the instruction of the Data Controller.
Data Protection OfficerIt is the new figure appointed by the Data Controller, monitors the implementation and application of the European Regulation, data security, the response to requests from data subjects to exercise the rights recognized by the Regulation, must ensure that the Data Controller or the Data Controller comply with European data protection regulations.
Authorized Subjects  These figures are expressly authorized by the Data Controller to process data under the authority and instructions of the Data Controller.
Personal dataAny information that identifies or makes identifiable a person, referred to as a “data subject.” An identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, location data, an online identifier, or characteristic elements of his or her physical, physiological, genetic, mental, economic, cultural, or social identity.
Data ProcessingIt is any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as: collection; registration; organization; structuring; preservation; adaptation or modification; extraction; consultation; use; communication by transmission;   dissemination or any other form of making available; comparison or interconnection; the limitation; deletion or destruction

All this being said, the company informs that:


  Business name  GIOEL SPA
AddressVia Alto Adige, 92 – 38121 – Trento (TN)
Tel0461 950250


  Surname and name  DANIELA SOSI
Tel.0461 950250


  Surname and name  SERGIO PETTI

The list of Outsourcing Data Processors is available upon request to our Privacy Referent Daniela Sosi email:

PURPOSE OF PROCESSING                                                                                                                                                                                                   

The personal data, object of the processing and precisely, of identification, administrative, accounting and fiscal, commercial, eventually computerized, referred to the customer and communicated by him/her,  in order to be able to execute the relationship with the data controller, are used in compliance with the provisions on the processing and protection of personal data, for the pursuit of purposes instrumental and / or complementary to the activities statutorily expressed and functional to the performance of the contractual / pre-contractual relationship in place with the data subgect and regarding to the services / performances requested by the same.

NATURE OF THE PROVISION                                                                                                                                                                                                 

The collected data or the data communicated directly by the data subject, will be processed for a well-defined and legitimate purpose, in order to be able to provide requested services and advice (and are not further processed in a manner incompatible with this initial purpose). Any refusal by the data subject implies the impossibility for the Data Controller, to follow up the relationship and its regular continuation. The provision of data is mandatory for the fulfillments required and sanctioned by law, otherwise the provision is optional but necessary and any refusal by the data subject involves for the Data controller, the impossibility to follow up on the relationship established and its execution.

INFORMATION YOU MAY PROVIDE TO US                                                                                                                                                                       

We may collect and process the following information about you that you provide to us, so that we can give you the best possible experience when using our services. The personal information you provide to us may include the following:

Personal Information:

  • Customer Code
  • Last Name, First Name,
  • Residential Address,
  • Country of residence,
  • Date of birth,
  • Cell phone number,
  • Email address,
  • Tax code,

Commercial Information:

  • Order Number
  • Product Code
  • Quantity
  • Discount
  • Payment information (e.g., credit card information)
  • Bank account information
  • Signatures

Other personal information and documents containing personal information may be collected from time to time for business purposes, such as processing bonuses. This category of information is provided by the user by performing certain activities:

Our company adheres to the European Data Protection Regulation, and will not share your personal information with outside companies or suppliers, except for the facilitation of a business process or financial transactions on your behalf.


During each of your visits to our Web sites, we may collect the following information:

  • Technical information, including the Internet Protocol (IP) address used to connect the computer to the Internet, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform;
  • Information about your visit, including complete URL (Uniform Resource Locators), the flow of clicks to and from our site (including date and time), the products you viewed or searched for, page response times, download errors, duration of visits to specific pages, page interaction information (such as scrolling, clicking, and mouse-over), methods used to navigate away from the page, any phone number used to call our customer service number, and any e-mail address used to contact us.

 INFORMATION WE RECEIVE FROM OTHER SOURCES                                                                                                                                           

We may work closely with third parties (including, for example, business partners, subcontractors in technical services, payment and delivery services, advertising networks, analytics providers, research information providers) and may receive personal information. We will inform you about the purposes for which we intend to use it.


Cookies are small fragments of text, usually consisting of letters and/or numbers, that are sent by the website being visited and stored on the device used by the user for browsing. In this way, the sites themselves can recognize users who return to visit them later. In fact, this is a method that servers use to recognize users, save each one’s preferences, and offer personalized options and performance. In-depth information can be found in website, in the Cookiessection.

DISCLOSURE OF USER INFORMATION                                                                                                                                                                     

Information about our users and/or customers is an important part of our business and it is not our intention to sell that information to others. We share personal information only as described below:

  • Internal Disclosure: We necessarily require the storage and disclosure of your information within our offices on a necessary basis in order to effectively conduct our legitimate business activities.
  • Business purposes: Personal information may be made available to our business/ commercial partners. If you terminate your relationship with us, this information will be removed and no longer shared.
  • Third-party service providers: we employ other companies and/or individuals to perform processing on our behalf. Examples may include sending mail, analyzing data, providing support, providing search results and links, processing credit card payments, and providing customer service. These providers have access to personal information needed to perform their functions in accordance with contractual obligations, but they can’t use it for any other purpose.
  • Promotional offers: our company never sells, exchanges or rents your personal information to unrelated third parties without your explicit consent. From time to time, it may send you offers and promotional materials to:
    • Provide you with information about other goods and services that our company produces similar to those you purchased and requested.
    • Inform you of changes to our goods and services. People are free to opt out of these promotional offers at any time, by communicating it by e-mail or by contacting our Privacy Referent.

With your consent: in addition to the above, you will receive a notice when information about you may be sent to other third parties, and you will have the opportunity to opt out of sharing the information.


The information we collect from you is stored and processed by the staff operating within the European Economic Area (“EEA”). However, there may be other cases where your information is necessarily provided to other entities outside the European Economic Area (“EEA”). Any information will only be shared with other foreign entities in accordance with the General Data Protection Regulation (EU) 2016/679. We will take all appropriate measures to ensure that:

  • Your information is treated securely and in accordance with this Privacy Policy.
  • That records containing your information are retained or destroyed in accordance with our internal Global Records Retention Policy.

RETENTION OF YOUR PERSONAL INFORMATION                                                                                                                                                  

We retain personal information only as long as necessary to provide the services you request and thereafter for legitimate legal or business purposes. These may include retention periods

  • imposed by law,
  • To preserve, settle, defend or enforce our legal/contractual rights;

SECURITY MEASURES                                                                                                                                                                                                  

All information you provide to us is stored on secure servers. We maintain a wide variety of security programs and checks to protect your information. All payment transactions will be encrypted using SSL (Secure Sockets Layer) technology. We follow the Payment Card Industry Data Security Standard (PCI DSS) when handling credit card information. Where we have provided you (or where you have chosen) a password that allows you access, you are responsible for keeping this password confidential. We ask that you do not share a password with anyone and that you use a strong, unique password.

In addition, appropriate technical and organizational security measures have been taken to protect the data themselves from unauthorized or unlawful processing, loss or accidental damage. It is important to be aware that, unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our site; any transmission is at your own risk. Once we receive your information, we will use strict procedures and security features to try to prevent unauthorized access.

ACCESS, CONTROL                                                                                                                                                                                                     

If you created an account during the registration process, you can view, update, and delete certain information about yourself and your interactions with us. If you have an order confirmation number, you may be able to edit and update your order. If you cannot access or update the information yourself, you can always contact us for assistance.

YOUR RIGHTS                                                                                                                                                                                                                

We may ask you to provide a valid form of identification (such as completing a privacy verification form) for verification purposes. Your rights are as follows:

RIGHTS OF THE DATA SUBJECT                                                                                   

The European Regulation gives specific rights to the data subject, who may apply directly to the Data Controller to enforce the exercise of these rights.

The rights (Art. 15 to 21 of the European Regulations) that can be exercised are:

  • Information: the request to know what data are being processed;
  • Access: to request and obtain in an understandable way, the data being processed;
  • Update or rectification: request correction of inaccurate data or supplementation of incomplete data;
  • Objection: to object at any time, on grounds relating to his/ her particular situation, to the processing of data concerning him or her, in whole or in part;
  • Deletion: obtain the deletion of the data being processed;
  • Revocation of consent: revoke at any time, the consent given to data processing;
  • Objection to automated processing: in ordernot to be subjected to processing based exclusively on automated decisions, including profiling;
  • Anonymization: being able to obtain the transformation of the processed data into anonymous form;
  • Blocking or restriction: for thosedata that have been processed in violation of the law and for those where storage is no longer necessary, depending on the purpose;
  • Data portability: for data processed with automated systems based on consent or contractual necessity;
  • Complaint to a Supervisory Authority: a request may be submitted and a complaint may be lodged with the Supervisory Authority, if the processing carried out is not in accordance with the law.

If you have any privacy-related questions, concerns, or complaints about our Privacy Policy or how we handle your personal information, you can contact:

The Data Protection Officer is Sergio Petti:

Via e-mail By phone on: 392 826772